The website whonix.org takes an individual's privacy seriously and collects as little information as possible. IP logs are disabled and apache mod-removeip is being used.  If events such as spamming or abuse become widespread, then it may be necessary to re-enable IP logging.
In any case, it is recommended to visit this website using either Tor Browser in Whonix or the Tor Browser Bundle. Although this server is rented from a reputable server provider, their logging policy cannot be audited.
|Valid SSL Certificate||Yes|
|HTTPS Everywhere  Inclusion||Yes |
|OpenPGP-signed Fingerprint of whonix.org's SSL Certificate||Yes |
|Passed Qualys SSL LABS  SSL Server Test :||Yes, A+ rating. |
|HSTS ||Yes |
|HSTS Preloading List     ||Yes   |
|Certificate Authority (CA) Pinning||obsolete |
|HTTP Public Key Pinning||obsolete |
|DNS Certification Authority Authorization (CAA) Policy||Yes|
|Flagged Revisions ||Yes, admins must verify changes before they become the default version.|
|Secondary .onion Domain ||Yes  |
|Content Security Policy (CSP)||No   |
If users have any further suggestions, please edit this entry or discuss possible changes in the Whonix forums.
- Cite error: Invalid
<ref>tag; no text was provided for refs named
curl -i https://whonix.org
- Requested. Will propagate to Chrome, Firefox and Tor Browser.
- Optional Tor onion service (.onion domain); alternative end-to-end encrypted/authenticated connection; in this use case, not for location privacy; backup in case DNS is not functional
- See also Forcing .onion on Whonix.org.
- D Rating. https://securityheaders.io/?followRedirects=on&hide=on&q=whonix.org Content Security Policy is not enacted, X-Content-Type-Options are vulnerable to MIME-sniffing, and Referrer Policy is not set.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.